Premium Rate Fraud
By tricking a person to call a telephone number that charges
more than expected, a fraudster is able to get some sort of revenue from each
call.
These attacks come in various forms, but they all have 2
parts:
1.
They have acquired a Premium
Rate number that enables them to “revenue share” with the terminating operator.
2.
They trick people into
calling the number or use a hacked PBX to dial it themselves.
Part one is easy, they can get numbers from most phone
companies who offer them to legitimate businesses. These can include pay per
call customer support services, sex lines, satellite lines, etc. In the USA
these are usually associated with 1-900 numbers. But with the explosion of mobile
virtual network operators (MVNO) it is easy for what looks like a regular
number to actually charge more for the termination of the phone call than is expected
(more on this when I cover arbitrage fraud).
Part two happens when people leave a message or send a text (SMS) message to get you to call a number back. This can be as simple as “Congratulations you have Won a chance to win a new CAR, please call #### to see if YOU ARE A WINNER.” Such a message sent to most voicemails will end with your voicemail system offering you a chance to call them back – at the premium number.
Essentially this causes the attacker to make use of the
voicemail system to place calls to a premium number under their control,
gaining them revenue for each minute they hold the line.
Please note that premium numbers that can cost more than $2 and
up to $18 per min, and you are charged at per min rates. So a 6 second call
will charge the full amount. They will go further by adding in a menu system or
options that require you to enter your name or phone number as ways to keep you
on the system longer.
The best tips here are to be careful in automatically
dialing someone back to an unrecognized number and deals that sound too good to
be true usually are.
